So Wired magazine published an interesting article regarding problems with using RFC 1342 to sneak by DKIM and DMARC rules. The exploit allows the sender to spoof any address. There are over 30 listed clients, including web-based ones. I did NOT see SmarterMail or SmarterTrack listed, but I was interested in seeing if this has been tested against SM16 yet or not and if there has been any consideration for how to fix this.

I would hope that SmarterMail is properly sanitizing non-ASCII strings after decoding them, but it would certainly be nice to know this for a fact. It would be reassuring to hear from SmarterTools themselves on whether they have addressed the Mailsploit vulnerability for an upcoming patch or have verified that SmarterMail (and SmarterTrack) have been pen-tested for this vulnerability and passed with flying colors. Considering Mailsploit hit every IT rag yesterday and is hitting mainstream media today, inquiring minds certainly want to know.

Right now all but one test fail to even deliver the mail due to some null reference errors. The one test that does go through gets smacked down by DKIM. We will be working on why it's having delivery issues, then retesting it.

Thanks for the update, Matt. It is greatly appreciated and definitely good to hear that SmarterTools has been following Best Practices with sanitizing non-ASCII properly!

The Null reference errors in delivery I've noticed with email with a From: <> in the latest v16 release, so that's not too much of a surprise that it is happening with Mailsploit messages too. We don't get too many emails a day with Null senders, so it's really been a minor issue clearing them out of the Spool manually.
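
The check this thread keeps returning to, sanitizing a From header after its RFC 1342 encoded-words are decoded, as an added example (not SmarterMail code and not written by anyone in the thread). It uses only Python's standard library; the function names, finding labels and sample headers are constructed for illustration.

```python
import base64
import unicodedata
from email.header import decode_header
from email.utils import parseaddr

def decode_words(value):
    """Decode RFC 1342/2047 encoded-words to text; bad bytes become U+FFFD."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the encoded-word
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def is_control(ch):
    return unicodedata.category(ch) == "Cc"  # NUL, CR, LF, other C0/C1 codes

def audit_from(raw_from):
    """Return (safe_display_name, addr_spec, findings) for a From value."""
    # Split on the raw header first, so decoded bytes cannot move the
    # boundary between display name and the address DKIM/DMARC evaluate.
    name, addr = parseaddr(raw_from)
    decoded = decode_words(name)
    findings = []
    if any(is_control(c) for c in decoded):
        findings.append("control-char-after-decoding")
    if "@" in decoded and addr.lower() not in decoded.lower():
        findings.append("display-name-shows-other-address")
    # Replace rather than drop, so text after a control char is never hidden.
    safe = "".join("\ufffd" if is_control(c) else c for c in decoded)
    return safe, addr, findings

def make_sample(display, addr):
    """Constructed test input: base64 encoded-word display name + addr-spec."""
    word = base64.b64encode(display.encode("utf-8")).decode("ascii")
    return f"=?utf-8?b?{word}?= <{addr}>"

# Constructed samples, not captured mail.
SUSPICIOUS = make_sample("billing@example.com\x00", "mailer@example.net")
BENIGN = make_sample("Zoë Müller", "zoe@example.com")

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(audit_from(sample))
```

A finding is a signal for quarantine or for rendering the real addr-spec next to the name, not a verdict; ordinary non-ASCII names pass through unchanged.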